From 98b91e7bdd00b388dbb947d86fdce0ac84acfcc4 Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Wed, 6 May 2020 22:50:23 -0400 Subject: [PATCH] review fix --- conventional.yaml | 5 +++-- irc/server.go | 4 ++++ oragono.yaml | 5 +++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/conventional.yaml b/conventional.yaml index 2303c8ba..1931263a 100644 --- a/conventional.yaml +++ b/conventional.yaml @@ -134,8 +134,9 @@ server: motd-formatting: true # addresses/CIDRs the PROXY command can be used from - # this should be restricted to 127.0.0.1/8 and ::1/128 (unless you have a good reason) - # you should also add these addresses to the connection limits and throttling exemption lists + # this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets), + # unless you have a good reason. you should also add these addresses to the + # connection limits and throttling exemption lists. proxy-allowed-from: - localhost # - "192.168.1.1" diff --git a/irc/server.go b/irc/server.go index 1d8a970c..ade9a1df 100644 --- a/irc/server.go +++ b/irc/server.go @@ -601,6 +601,10 @@ func (server *Server) applyConfig(config *Config) (err error) { newISupportReplies = oldConfig.Server.isupport.GetDifference(&config.Server.isupport) } + if len(config.Server.ProxyAllowedFrom) != 0 { + server.logger.Info("server", "Proxied IPs will be accepted from", strings.Join(config.Server.ProxyAllowedFrom, ", ")) + } + // we are now open for business err = server.setupListeners(config) diff --git a/oragono.yaml b/oragono.yaml index faa4f39c..242dd4a3 100644 --- a/oragono.yaml +++ b/oragono.yaml @@ -155,8 +155,9 @@ server: motd-formatting: true # addresses/CIDRs the PROXY command can be used from - # this should be restricted to 127.0.0.1/8 and ::1/128 (unless you have a good reason) - # you should also add these addresses to the connection limits and throttling exemption lists + # this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets), + # unless you have a good reason. you should also add these addresses to the + # connection limits and throttling exemption lists. proxy-allowed-from: - localhost # - "192.168.1.1"